16 matches found
ROOT-APP-NPM-CVE-2026-44007 CVE-2026-44007 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44007 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
CVE-2026-44007 vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require 'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM wi...
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44007 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...
CVE-2026-44007
creationtimestamp | type | source
---|---|---
2026-05-01 21:29:07+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx
2026-05-05 18:39:06+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3ml4tiejjgf2s
2026-05-22 22:37:06+00:0...
CVE-2025-44007
creationtimestamp | type | source
---|---|---
2025-10-03 19:05:12+00:00 | seen | Telegram/Yx2K5upJmUIoFMSNNf9MDfhDybdbbEXo82PaQr5oVsdMUU...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
CVE-2024-44007
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Templates – Elementor & Gutenberg templates skt-templates allows Reflected XSS. This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through <= 6.14...
CVE-2024-44007
CVE-2024-44007 is a reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin “SKT Templates – Elementor & Gutenberg templates” (SKT Templates) up to version 6.14. The issue arises from improper input neutralization during web page generation, enabling reflected XSS. Publi...
CVE-2024-44007 WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Templates – Elementor & Gutenberg templates skt-templates allows Reflected XSS. This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through <= 6.14...
WordPress SKT Templates – Elementor & Gutenberg templates Plugin <= 6.14 is vulnerable to Cross Site Scripting (XSS)
Software: SKT Templates – Elementor & Gutenberg templates; Type: Plugin; Vulnerable versions: <= 6.14; Fixed in: 6.15; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44007; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c6e7fe073020; Credits...
CVE-2022-44007
creationtimestamp | type | source
---|---|---
2022-11-17 15:53:04+00:00 | seen | https://t.me/cibsecurity/53045
2025-04-29 21:13:39+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13933...
CVE-2022-44007
BACKCLICK Professional 5.9.63 is affected by a Session Fixation flaw stemming from an unsafe session-tracking implementation. An attacker could entice a user to open an authenticated session using a known session identifier. The issue is documented across multiple sources (e.g., Red Hat, PT-Secur...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
CVE-2021-44007
creationtimestamp | type | source
---|---|---
2021-12-14 14:13:22+00:00 | seen | https://t.me/cibsecurity/33914...
CVE-2021-44007
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The TiffLoader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition...
CVE-2021-44007
CVE-2021-44007 affects Siemens JT2Go and Teamcenter Visualization (all versions